Open mrbluecoat opened 2 years ago
Yes. It is possible to make OmniEdge the Exit Node. It needs some route rules from the devices. A node will be used as an Exit Node (server) and forward traffic for other nodes.
In order to enable the Exit Node, there are two main tasks for each client:
- Enable routing, packet forwarding, and IP masquerading on the Exit Node
- Set the traffic routing rules on the other clients to use the Exit Node
Basically you can compile the clients to have the EXIT function according to the #n2n doc:
https://github.com/ntop/n2n/blob/dev/doc/Routing.md
Will add the exit node feature to the CLI and make it automatic.
That's great news!
The EXIT NODE feature has been added in the branch: https://github.com/omniedgeio/omniedge-cli/tree/feature-ivy. You can compile it and give it a try. We are still modifying it to make it work better.
How to compile: https://github.com/omniedgeio/omniedge#compile
Here is how:

join command: `sudo omniedge join -r` at the device (Cloud Instance) you want to set as an EXIT NODE

```
sudo sysctl -w net.ipv4.ip_forward=1
sudo iptables -t nat -A POSTROUTING -j MASQUERADE
```

```
# Linux client (iproute2); run as root
# Prepare
EXIT_NODE_IP="100.100.100.1"
CUSTOMIZE_SUPERNODE_IP="11.22.33.44"
DNS_SERVER="8.8.8.8"
# Current default gateway, captured before the routes change
CURRENT_GW=$(ip route get 8.8.8.8 | head -n1 | awk '{ print $3 }')
# Set
cp /etc/resolv.conf /etc/resolv.conf.my_bak
echo "nameserver $DNS_SERVER" > /etc/resolv.conf
# Keep the supernode reachable through the original gateway
ip route add "$CUSTOMIZE_SUPERNODE_IP" via "$CURRENT_GW"
ip route del default
ip route add default via "$EXIT_NODE_IP"
# Restore
ip route del default
ip route del "$CUSTOMIZE_SUPERNODE_IP" via "$CURRENT_GW"
ip route add default via "$CURRENT_GW"
mv /etc/resolv.conf.my_bak /etc/resolv.conf
```

```
# Windows client (route.exe syntax; variables shown in shell notation as placeholders)
# Prepare
EXIT_NODE_IP="100.100.100.1" # Get from api
CUSTOMIZE_SUPERNODE_IP="11.22.33.44" # Get from api
DNS_SERVER="8.8.8.8" # Get from api
CURRENT_GW=$(ip route get 8.8.8.8 | head -n1 | awk '{ print $3 }')
# Set
# Remove the current default route
route delete 0.0.0.0
# Host route to the supernode needs a /32 mask
route ADD $CUSTOMIZE_SUPERNODE_IP MASK 255.255.255.255 $CURRENT_GW
# The default route is 0.0.0.0 with mask 0.0.0.0
route ADD 0.0.0.0 MASK 0.0.0.0 $EXIT_NODE_IP
# Restore
route delete $CUSTOMIZE_SUPERNODE_IP
route delete 0.0.0.0
route ADD 0.0.0.0 MASK 0.0.0.0 $CURRENT_GW
```

```
# BSD route syntax (macOS client); variables shown in shell notation as placeholders
# Prepare
EXIT_NODE_IP="100.100.100.1" # Get from api
CUSTOMIZE_SUPERNODE_IP="11.22.33.44" # Get from api
DNS_SERVER="8.8.8.8" # Get from api
CURRENT_GW=$(ip route get 8.8.8.8 | head -n1 | awk '{ print $3 }')
# Set
route -n add -net $CUSTOMIZE_SUPERNODE_IP $CURRENT_GW
route -n add -net 0.0.0.0 $EXIT_NODE_IP
# Restore
route delete -net $CUSTOMIZE_SUPERNODE_IP
route delete -net 0.0.0.0
route -n add -net 0.0.0.0 $CURRENT_GW
```

TBD
TBD
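
A check for the Linux client routing steps above, as an added example that is not part of the original comment or of OmniEdge's code: it reads `ip route show` text and verifies that there is exactly one default route, pointing at the exit node, and that the supernode is still pinned to the original gateway. The function name `check_exit_routes`, the interface names `edge0`/`eth0`, the LAN gateway `192.168.1.1` and the sample tables are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not OmniEdge code. Reads `ip route show` text on stdin and
# checks the two routes the Linux client steps rely on.
# Exit status: 0 = ok, 1 = default route wrong or duplicated (traffic can
# bypass the exit node), 2 = supernode not pinned via the original gateway
# (tunnel packets would be routed into the tunnel itself).
check_exit_routes() {
    awk -v xip="$1" -v sn="$2" -v gw="$3" '
        $1 == "default" {
            ndef++
            for (i = 2; i < NF; i++) {
                if ($i == "via" && $(i + 1) == xip) def_ok = 1
            }
        }
        $1 == sn || $1 == (sn "/32") {
            for (i = 2; i < NF; i++) {
                if ($i == "via" && $(i + 1) == gw) pin_ok = 1
            }
        }
        END {
            if (!pin_ok) { print "FAIL: no host route to " sn " via " gw; exit 2 }
            if (ndef != 1 || !def_ok) {
                print "FAIL: expected exactly one default route, via " xip
                exit 1
            }
            print "OK: default via " xip ", supernode pinned via " gw
        }'
}

# Constructed sample tables; edge0/eth0 and the 192.168.1.0/24 LAN are assumptions.
GOOD_TABLE='default via 100.100.100.1 dev edge0
11.22.33.44 via 192.168.1.1 dev eth0
100.100.100.0/24 dev edge0 proto kernel scope link src 100.100.100.7
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50'

# Supernode route missing.
NO_PIN_TABLE='default via 100.100.100.1 dev edge0
100.100.100.0/24 dev edge0 proto kernel scope link src 100.100.100.7
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50'

# Old default route left in place next to the new one.
LEAK_TABLE='default via 100.100.100.1 dev edge0 metric 50
default via 192.168.1.1 dev eth0 metric 100
11.22.33.44 via 192.168.1.1 dev eth0'

for table in "$GOOD_TABLE" "$NO_PIN_TABLE" "$LEAK_TABLE"; do
    printf '%s\n' "$table" | check_exit_routes 100.100.100.1 11.22.33.44 192.168.1.1 || true
done
```

On a live client the input would be `ip route show | check_exit_routes "$EXIT_NODE_IP" "$CUSTOMIZE_SUPERNODE_IP" "$CURRENT_GW"`, with `CURRENT_GW` saved before the switch.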
Awesome, will do!
I was able to test it out and it works as intended but I was hoping for more of a client zero-configuration option. In this solution, the routing works because you're telling each client the default route to use. I was hoping you could define the routing at the server/cloud UI level. Or, if that isn't possible, perhaps limit the client configuration to specifying the exit node IP like Step 3 of https://tailscale.com/kb/1103/exit-nodes/
I'm also mostly interested in the mobile app use case for exit nodes. I'd like to route the mobile data through a Linux exit node.
P.S. you'll want to add autoconf to your list of prerequisites on https://github.com/omniedgeio/omniedge#build-for-ubuntu-1804-2004-2204debian-10-11
Thanks for the testing. Yes, we have plans to add it in the dashboard, and make it work with zero-config.
And thanks for pointing out the missing autoconf; we just updated the compile instructions for Ubuntu/Debian.
Excellent, looking forward to it. By the way, your bandwidth speeds (thanks to n2n) are much higher than Tailscale or ZeroTier. <3
It would also be ideal to pair exit node capability with always-on VPN on the client. If you configured the mobile app to support MDM configuration like https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment OmniEdge would be great for my use case.
ping
ping
It will take longer than I expected to release this feature. The barrier is not the technology but the regulation.
Interesting. Any specific regulation or just general privacy concerns? Companies routinely monitor device behavior. Perhaps a label in the app noting the mode is enabled?
OmniEdge is a C-Corp in Delaware, US, but the owner is a Chinese citizen who will travel frequently to China for other business. A VPN service with exit node function needs a license. It's funny but true.
There is a way to fix this: OmniEdge opens a Chinese branch and applies for the VPN license, or the owner keeps staying outside of China.
I see. Thanks for that background. Would you be able to create a code branch with the exit node functionality so I can locally build and test and if/when the regulation is resolved the tech piece will be done?
I am sorry that we can not do it at the moment.
No worries, thanks for trying 🙂
Does OmniEdge have Exit Node capability? (route all network traffic destined for the public Internet through a specific node)
https://omniedge.io/docs/article/architecture mentions
Forward TCP and UDP traffic over the virtual network, either directly or indirectly. Provide local DNS resolution for proxied requests.
so I'm hoping this is possible.